GENERATION OF A SEED NUMBER

The present invention relates to a method as defined in the preamble of claim 1 for computing the key to an encryption algorithm used to encrypt messages transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key by making use of the subscriber identity module of a mobile station. Moreover, the invention relates to a system as defined in the preamble of claim 7 for computing the key to an encryption algorithm used to encrypt messages transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key by making use of the subscriber identity module of a mobile station.

In the near future, it is to be expected that further applications will be designed for mobile station subscriber identity modules, such as SIM cards (Subscriber Identity Module, SIM), in which encryption of communication is required. The encryption algorithm implementing the encryption needs an encryption key. In prior art, a method is known in which a separate algorithm for computing the encryption key is implemented in the subscriber identity module of a mobile station. In another prior-art method, the encryption key is stored on the subscriber identity module in conjunction with manufacture. In yet another previously known method, the encryption key is stored on the subscriber identity module when the latter is taken into use. A problem with the prior-art methods is that managing the seed number needed for the computation of the encryption key and/or managing the encryption key is difficult and, e.g. in solutions based on an RSA algorithm, separate equipment is needed. A further problem is that an encryption key permanently stored on the subscriber identity module is not as secure as an encryption key having a variable value.

The object of the present invention is to disclose a new type of method that eliminates the problems described above. A further object of the invention is to disclose a system that can be used to implement said method.

A specific object of the present invention is to disclose a method and a system that allow flexible and safe management of seed numbers and encryption keys.

As for the features characteristic of the present invention, reference is made to the claims.

In the method of the invention, the encryption key required by the encryption algorithm used for the encryption of communication is computed from a certain seed number by making use of the subscriber identity module of the mobile station. When the mobile station is activated, its subscriber identity module performs an authentication procedure with the mobile communication network. This is done by using an operator-specific authentication algorithm and a seed number consisting of a random number RAND generated by the mobile communication network. The same authentication algorithm can be used to compute an encryption key. The seed number is a number computed on the basis of a random number RAND generated by the authentication centre AC of the mobile communication network. Using the seed number and a subscriber identification key Ki as starting values for the authentication algorithm, an application in the subscriber identity module computes the encryption key and stores it in the subscriber identity module. This encryption key is used when messages are to be encrypted and/or decrypted.

As compared with prior art, the present invention has the advantage that it makes the management of seed numbers and encryption keys considerably easier and simpler than before. As the seed numbers and encryption keys are calculated in the subscriber identity module when necessary, they need not be transmitted or set. A further advantage is that no separate equipment is needed for the management of seed numbers and encryption keys, which means that cost savings are achieved. The invention also increases security: in the method of the invention, the encryption key changes continuously and it is not transmitted anywhere, thus considerably reducing the chance of its getting into the hands of outsiders.

In an embodiment of the method, a seed number is calculated from a random number RAND generated by the authentication centre, producing a seed number such as RAND+1.

In an embodiment of the method, the encryption key is computed by using an A3 algorithm, which is an operator-specific authentication algorithm.

In an embodiment of the method, one or more encryption keys are used. In this case, each application requiring encryption has its own encryption key, thus increasing security.

In an embodiment of the method, the encryption key is computed by using one or more successive algorithms so that the result of the preceding algorithm is used as the seed number for the next algorithm. This provides the advantage that the seed number for the new algorithm is changed, which leads to increased security.

In an embodiment of the method, a certain portion of the random number range used by the mobile communication network is reserved for the calculation of seed numbers.

The system of the invention for computing the key to an encryption algorithm used to encrypt messages transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key by making use of the subscriber identity module of a mobile station comprises an encryption device and means for the transmission of encrypted messages. The encryption device comprises a means for computing an encryption key from a seed number. The means used to transmit encrypted messages comprise a mobile station and an encryption server.

In an embodiment of the system, an encryption 
device is implemented both in the subscriber identity 
module and in the authentication centre. 

In an embodiment of the system, the encryption 
device comprises a device for storing the encryption 
key. 

In an embodiment of the system, the mobile 
station is GSM compatible. 

In the following, the invention will be described with the aid of an embodiment example by referring to the attached drawings, wherein

Fig. 1a and 1b illustrate an example representing the method of the invention in the form of logic diagrams; and

Fig. 2 presents an example representing the hardware configuration of the system of the invention.
Fig. 1a illustrates a method in which the mobile communication network generates a random number RAND and sends it to the subscriber identity module 9. Based on this random number, a seed number RAND+1 is calculated. This seed number 1 and the identification key Ki 2 are input as starting values to an A3 algorithm 3. The identification key Ki 2 is a user-specific secret parameter, which has been stored in the subscriber identity module 9 and in the authentication centre 10. The A3 algorithm 3 is the same operator-specific algorithm that is used when the subscriber identity module 9 carries out an authentication procedure with the authentication centre 10 of the mobile communication network upon activation of the mobile station 8. A feature characteristic of the A3 algorithm 3 is that computing the encryption key 4 from the seed number 1 and the identification key Ki 2 is easy, but determining the identification key 2 on the basis of the seed number 1 and the encryption key 4 is extremely difficult. The encryption key 4 is the result produced by the algorithm 3. This encryption key 4 is used when messages are to be encrypted and/or decrypted.

Fig. 1b illustrates a variation of the method of the previous example. In this case, it is assumed that the random number range is 0 - 10000. It is divided into two halves so that the random number RAND values 0 - 4999 are reserved for the computation of seed numbers 5. The mobile communication network generates a random number RAND and sends it to the subscriber identity module 9. Based on the random number, a seed number RAND+5000 is calculated. The seed number 5 and the identification key Ki 2 are input as starting values to the A3 algorithm 3, which produces a new seed number 6 as a result. The new seed number 6 thus computed and the identification key Ki 2 are given as starting values to a new algorithm 7. The result obtained is used as the final encryption key 4. The advantage provided by this alternative is that the seed number 6 for the new algorithm 7 is automatically changed.
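
The derivations of Fig. 1a and Fig. 1b, as an added example that is not part of the patent text. HMAC-SHA256 stands in for the operator-specific A3 algorithm 3 and for the new algorithm 7; the 16-byte seed encoding, the function names and the Ki value are assumptions made for illustration.

```python
import hashlib
import hmac

RANGE = 10000           # random number range assumed in the Fig. 1b description
RESERVED = RANGE // 2   # RAND values 0..4999 are reserved for seed computation


def encode(n: int) -> bytes:
    """Assumed wire form of a seed: 16-byte big-endian integer."""
    return n.to_bytes(16, "big")


def a3_stand_in(ki: bytes, seed: bytes) -> bytes:
    """Stand-in for the operator-specific A3 algorithm 3 (assumption)."""
    return hmac.new(ki, b"A3|" + seed, hashlib.sha256).digest()


def alg7_stand_in(ki: bytes, seed: bytes) -> bytes:
    """Stand-in for the unspecified 'new algorithm 7' (assumption)."""
    return hmac.new(ki, b"ALG7|" + seed, hashlib.sha256).digest()


def seed_fig_1b(rand: int) -> int:
    """Seed number 5: RAND+5000, accepted only for RAND in the reserved half."""
    if not 0 <= rand < RESERVED:
        raise ValueError("RAND outside the portion reserved for seed numbers")
    return rand + RESERVED


def key_fig_1a(ki: bytes, rand: int) -> bytes:
    """Fig. 1a: seed number 1 = RAND+1, one pass through A3."""
    return a3_stand_in(ki, encode(rand + 1))


def key_fig_1b(ki: bytes, rand: int) -> bytes:
    """Fig. 1b: the A3 output becomes seed number 6 for the next algorithm."""
    seed6 = a3_stand_in(ki, encode(seed_fig_1b(rand)))
    return alg7_stand_in(ki, seed6)


def derive_both_sides(ki: bytes, rand: int) -> tuple[bytes, bytes]:
    """SIM and authentication centre each derive the key locally from the
    shared Ki and the RAND that was sent; only RAND crosses the network."""
    return key_fig_1b(ki, rand), key_fig_1b(ki, rand)


KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki

if __name__ == "__main__":
    sim_key, ac_key = derive_both_sides(KI, 1234)
    print(sim_key == ac_key, sim_key.hex())
```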

Fig. 2 illustrates a system in which encrypted short messages are transmitted between a GSM telephone 8 and an encryption server 12 in a GSM network. An encryption device 11 has been implemented both in the subscriber identity module 9 of the mobile station 8 and in the authentication centre 10 of the GSM network. The encryption device 11 comprises a SIM Application Toolkit, an application that computes the encryption key 4. In addition, the encryption device 11 stores the computed encryption key 4 for use. When messages to be encrypted and/or decrypted are transmitted, the encryption device 11 computes an encryption key 4 on the basis of a seed number 1 and a user-specific identification key Ki 2 both on the SIM card 9 and in the authentication centre 10. Based on this encryption key 4, an encryption algorithm, such as an RSA or 3DES algorithm, implemented both on the SIM card and in the authentication server 12, encrypts/decrypts the message. The key 4 is stored for the next time it is needed, or a new value for the key is computed each time.

The invention is not restricted to the examples of its embodiments described above, but many variations are possible within the scope of the inventive idea defined by the claims.



WO 99/25086 PCT/FI98/00879



CLAIMS 

1. Method for computing the key (4) to an encryption algorithm used to encrypt messages to be transmitted over a telecommunication network and for generating the seed number (1, 5) needed for the computation of the encryption key (4) by making use of the subscriber identity module (9) of a mobile station (8), in which method the key to the encryption algorithm is computed from the seed number (1, 5) using a certain algorithm (3, 7), characterised in that

- the seed number (1, 5) used is a number computed from a random number RAND generated by the authentication centre (AC) (19) of the mobile communication network; and

- using the authentication algorithm (3) of the mobile communication network, the encryption key (4) required by the encryption algorithm is computed from the seed number (1, 5) and a subscriber identification key Ki (2).

2. Method as defined in claim 1, characterised in that the seed number is calculated from the random number RAND generated by the authentication centre (10), producing a seed number such as RAND+1.

3. Method as defined in claim 1 or 2, characterised in that the encryption key (4) is computed by using an A3 algorithm (3).

4. Method as defined in any one of claims 1 - 3, characterised in that one or more encryption keys are used.

5. Method as defined in any one of claims 1 - 4, characterised in that the encryption key is computed by using one or more successive algorithms (3, 7) in such manner that the result of the preceding algorithm (3) is used as the seed number for the next algorithm (7).

6. Method as defined in any one of claims 1 - 5, characterised in that a certain portion of the random number range used by the mobile communication network is reserved for the computation of seed numbers (1, 5).

7. System for computing the key (4) to an encryption algorithm used to encrypt messages to be transmitted over a telecommunication network and for generating the seed number (1, 5) needed for the computation of the encryption key by making use of the subscriber identity module (9) of a mobile station (8), said system comprising an encryption device (11) and means (8, 12) for the transmission of encrypted messages, characterised in that

- the encryption device (11) comprises a means for computing the encryption key (4) from the seed number (1, 5); and

- the means used to transmit encrypted messages comprise a mobile station (8) and an encryption server (12).

8. System as defined in claim 7, characterised in that an encryption device (11) is implemented both in the subscriber identity module (9) and in the authentication centre (10).

9. System as defined in claim 7 or 8, characterised in that the encryption device (11) comprises a device for storing the encryption key (4).

10. System as defined in any one of claims 7 - 9, characterised in that the mobile station (8) is GSM compatible.